I have now disjoined this box from the domain and stopped winbind. As
I assumed, the msktutil-utility still does not work (same error: can't
contact ldap-server).
The server is accessible with port 389/636.
Within a tcpdump, I see, that there is encrypted traffic from
squid-proxy to the domain-controller on port 389 (instead of 636).
Could the problem be a missing library? Did someone run this tool
successfully on sles11?
2010/6/29 Henrik Nordström <henrik_at_henriknordstrom.net>:
> tis 2010-06-29 klockan 07:39 +0200 skrev Tom Tux:
>
>> The computer-account already exists in the ad (joined with "net ads join").
>
> Adding principals to a Samba maintained computer account is a little
> tricky. I would recommend creating a new account and attach the
> principal there.
>
> The main issue is that the key changes each time Samba updates the
> computer account (ADS only have a single key per account, not per SPN)
>
>> proxy-test-01:/usr/local/mskutil-0.4/sbin # ktutil
>> ktutil: rkt /etc/krb5.keytab
>> ktutil: l
>> slot KVNO Principal
>
> You need to tell it which keytab to look into.
>
> Regards
> Henrik
>
>
Received on Tue Jun 29 2010 - 09:17:21 MDT
This archive was generated by hypermail 2.2.0 : Tue Jun 29 2010 - 12:00:03 MDT